"
Ok, good. But keep in mind this is just a workaround for the time being.
Cheers,
Franco
Cheers,
Franco
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#10322
20.7 Legacy Series / Re: 20.7-BETA images with HBSD 12.1
April 10, 2020, 01:52:55 PM
Thanks for testing. On the Realtek side the driver isn't newer, not sure where you read this.
If all goes well next week there will be an online update with PHP 7.3 included and some bugs fixed. :)
Cheers,
Franco
If all goes well next week there will be an online update with PHP 7.3 included and some bugs fixed. :)
Cheers,
Franco
#10323
German - Deutsch / Re: install Gateprotect GP-125
April 10, 2020, 01:51:01 PM
Hallo,
Soweit ich weiss unterstützt der Realtek Vendor Treiber einige ältere Karten nicht mehr.
i386 ist ab Juli auch Geschichte. Ein Linux wäre besser.
Grüsse
Franco
Soweit ich weiss unterstützt der Realtek Vendor Treiber einige ältere Karten nicht mehr.
i386 ist ab Juli auch Geschichte. Ein Linux wäre besser.
Grüsse
Franco
#10324
20.1 Legacy Series / Re: Vulnerability Disclosure Process?
April 09, 2020, 03:16:16 PM
Hi,
Either unencrypted via project@opnsense.org or encrypted via security@opnsense.org (key should be on the cool GPG keyservers).
Cheers,
Franco
Either unencrypted via project@opnsense.org or encrypted via security@opnsense.org (key should be on the cool GPG keyservers).
Cheers,
Franco
#10325
General Discussion / Re: Possibility to modify conf manually via shell
April 09, 2020, 01:55:45 PM
Hi there,
> How can I prevent the destruction of my manual changes?
Isn't this the wrong question considering both *sense share the same approach to config files? :)
On GitHub we can discuss the tls-crypt integration. So far it hasn't been the most pressing issue for the community. Some things are behind, some are more forward in general depending on where work is spent.
Ping me at https://github.com/opnsense/core/issues/2048
Cheers,
Franco
> How can I prevent the destruction of my manual changes?
Isn't this the wrong question considering both *sense share the same approach to config files? :)
On GitHub we can discuss the tls-crypt integration. So far it hasn't been the most pressing issue for the community. Some things are behind, some are more forward in general depending on where work is spent.
Ping me at https://github.com/opnsense/core/issues/2048
Cheers,
Franco
#10326
Tutorials and FAQs / Re: Don't use bridge and CARP on the same interface!
April 09, 2020, 01:21:16 PM
Hi there,
This is interesting how at least 4 people involved have been or are employed by pfSense since 2015... proposing working fixes and blocking them at the same time. *shrugs*
https://reviews.freebsd.org/D3133
And thanks for pointing out the issue to your crashes tot he community!
Cheers,
Franco
This is interesting how at least 4 people involved have been or are employed by pfSense since 2015... proposing working fixes and blocking them at the same time. *shrugs*
https://reviews.freebsd.org/D3133
And thanks for pointing out the issue to your crashes tot he community!
Cheers,
Franco
#10327
Development and Code Review / Re: Building DPDK using ports
April 09, 2020, 11:32:56 AM
./librte_rawdev_skeleton.so -> dpdk/pmds-20.0/librte_rawdev_skeleton.so
./librte_rawdev_skeleton.so.20.0 -> dpdk/pmds-20.0/librte_rawdev_skeleton.so.20.0
====> Compressing man pages (compress-man)
===> Building package for dpdk-19.11_2
root@sensey:/usr/ports/net/dpdk # git diff
diff --git a/Mk/Uses/ssl.mk b/Mk/Uses/ssl.mk
index bb416032191..8e3dfd7dcf1 100644
--- a/Mk/Uses/ssl.mk
+++ b/Mk/Uses/ssl.mk
@@ -129,6 +129,6 @@ MAKE_ENV+= OPENSSLRPATH=${OPENSSLRPATH}
OPENSSL_LDFLAGS+= -Wl,-rpath,${OPENSSLRPATH}
.endif
-LDFLAGS+= ${OPENSSL_LDFLAGS}
+#LDFLAGS+= ${OPENSSL_LDFLAGS}
.endif
Cheers,
Franco
./librte_rawdev_skeleton.so.20.0 -> dpdk/pmds-20.0/librte_rawdev_skeleton.so.20.0
====> Compressing man pages (compress-man)
===> Building package for dpdk-19.11_2
root@sensey:/usr/ports/net/dpdk # git diff
diff --git a/Mk/Uses/ssl.mk b/Mk/Uses/ssl.mk
index bb416032191..8e3dfd7dcf1 100644
--- a/Mk/Uses/ssl.mk
+++ b/Mk/Uses/ssl.mk
@@ -129,6 +129,6 @@ MAKE_ENV+= OPENSSLRPATH=${OPENSSLRPATH}
OPENSSL_LDFLAGS+= -Wl,-rpath,${OPENSSLRPATH}
.endif
-LDFLAGS+= ${OPENSSL_LDFLAGS}
+#LDFLAGS+= ${OPENSSL_LDFLAGS}
.endif
Cheers,
Franco
#10328
Development and Code Review / Re: Building DPDK using ports
April 09, 2020, 11:11:00 AM
Ok, I have the same error, but slightly more relevant:
clang -O2 -pipe -DHARDENEDBSD -fno-strict-aliasing -DHARDENEDBSD -include rte_config.h -Werror -D_KERNEL -DKLD_MODULE -nostdinc -I/usr/obj/usr/ports/net/dpdk/work/dpdk-19.11/_build -I/usr/obj/usr/ports/net/dpdk/work/dpdk-19.11/config -I. -I/usr/src/sys -fno-common -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -MD -MF.depend.contigmem.o -MTcontigmem.o -mcmodel=kernel -mno-red-zone -mno-mmx -mno-sse -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fwrapv -fstack-protector -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -D__printf__=__freebsd_kprintf__ -Wmissing-include-dirs -fdiagnostics-show-option -Wno-unknown-pragmas -Wno-error-tautological-compare -Wno-error-empty-body -Wno-error-parentheses-equality -Wno-error-unused-function -Wno-error-pointer-sign -Wno-error-shift-negative-value -Wno-error-address-of-packed-member -mno-aes -mno-avx -std=iso9899:1999 -c /usr/obj/usr/ports/net/dpdk/work/dpdk-19.11/kernel/freebsd/contigmem/contigmem.c -o contigmem.o
ld -rpath,/usr/local/lib -d -warn-common -r -d -o contigmem.ko contigmem.o
ld: bad -rpath option
*** Error code 1
I think HBSD uses a different LD so you're seeing this error... hold on.
Cheers,
Franco
clang -O2 -pipe -DHARDENEDBSD -fno-strict-aliasing -DHARDENEDBSD -include rte_config.h -Werror -D_KERNEL -DKLD_MODULE -nostdinc -I/usr/obj/usr/ports/net/dpdk/work/dpdk-19.11/_build -I/usr/obj/usr/ports/net/dpdk/work/dpdk-19.11/config -I. -I/usr/src/sys -fno-common -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -MD -MF.depend.contigmem.o -MTcontigmem.o -mcmodel=kernel -mno-red-zone -mno-mmx -mno-sse -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fwrapv -fstack-protector -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -D__printf__=__freebsd_kprintf__ -Wmissing-include-dirs -fdiagnostics-show-option -Wno-unknown-pragmas -Wno-error-tautological-compare -Wno-error-empty-body -Wno-error-parentheses-equality -Wno-error-unused-function -Wno-error-pointer-sign -Wno-error-shift-negative-value -Wno-error-address-of-packed-member -mno-aes -mno-avx -std=iso9899:1999 -c /usr/obj/usr/ports/net/dpdk/work/dpdk-19.11/kernel/freebsd/contigmem/contigmem.c -o contigmem.o
ld -rpath,/usr/local/lib -d -warn-common -r -d -o contigmem.ko contigmem.o
ld: bad -rpath option
*** Error code 1
I think HBSD uses a different LD so you're seeing this error... hold on.
Cheers,
Franco
#10329
Development and Code Review / Re: Building DPDK using ports
April 09, 2020, 10:51:52 AM
Hi there,
Trying this locally now on a box..
# opnsense-code tools src ports
# cd /usr/src && git checkout stable/20.1 && git pull
# cd /usr/ports/net/dpdk && make package
Cheers,
Franco
Trying this locally now on a box..
# opnsense-code tools src ports
# cd /usr/src && git checkout stable/20.1 && git pull
# cd /usr/ports/net/dpdk && make package
Cheers,
Franco
#10330
Announcements / OPNsense 20.1.4 released
April 08, 2020, 06:17:28 PM
Hello everyone,
It almost looks like business as usual. But we all know it is not. We will get through this together.
Here are the full patch notes:
o system: add missing strtolower() in LDAP sync response
o system: fix /var/run/legacy_log socket creation race with Syslog-ng
o system: add info button to display privilege / ACL endpoints
o system: make IPsec tap tunables overwriteable
o firewall: floating means either all interfaces or more than one selected
o firewall: simplify group maintenance by only applying them on filter reload
o interfaces: use primary IPv6 and support VIP tracking
o interfaces: multiple changes in radvd.conf setup (contributed by maurice-w)
o dhcp: fix DDNS support in DHCPv6 (contributed by Wagner Sartori Junior)
o firmware: mirror opnsense.ieji.de renamed to opn.sense.nz
o openvpn: improve openvpn_port_used() logic
o unbound: minor cleanup in /api/unbound/diagnostics/stats endpoint
o unbound: remove 192.0.0.0/24 from rebinding prevention list (contributed by maurice-w)
o mvc: simplify reload of captive portal, cron, IDS, alias, loopback, VXLAN, web proxy, routes, syslog and shaper
o mvc: limit dropdown size to 10 is none specified
o mvc: support inheritance of the ArrayField type
o mvc: synchronize backup timestamps with revisions
o mvc: fixed width for timestamp column in logging
o mvc: init errorMessage to prevent crash reports
o shell: use interfaces_primary_address6() for correct IPv6 display
o shell: append a newline in pluginctl -g mode
o plugins: os-acme-client 1.30[1]
o plugins: os-bind 1.13[2]
o plugins: os-freeradius 1.9.6[3]
o plugins: os-haproxy 2.21[4]
o plugins: os-maltrail 1.5[5]
o plugins: os-nginx 1.19[6]
o plugins: os-nut 1.7[7]
o plugins: os-postfix 1.14[8]
o plugins: os-tayga 1.0 (contributed by Michael Muenz)
o plugins: os-telegraf 1.7.7[9]
o plugins: os-unbound-plus 1.0 (contributed by Michael Muenz and Petr Kejval)
o lang: multiple updates to supported languages
o lang: new Turkish translation (contributed by Aydin Yakar)
o src: work around PCI devices which return all zeros for reads of existing MSI-X table VCTRL registers
o src: fix incorrect checksum calculations with IPv6 extension headers[10]
o src: fix TCP IPv6 SYN cache kernel information disclosure[11]
o src: fix insufficient oce(4) ioctl(2) privilege checking[12]
o src: fix incorrect user-controlled pointer use in epair[13]
o src: fix kernel memory disclosure with nested jails[14]
o ports: curl 7.69.1[15]
o ports: krb5 1.18[16]
o ports: openssh 8.2p1[17]
o ports: openssl 1.1.1f[18]
o ports: perl 5.30.2[19]
o ports: php 7.2.29[20]
o ports: python 3.7.7[21]
o ports: strongswan 5.8.3[22]
o ports: sudo 1.8.31p1[23]
Stay safe and healthy,
Your OPNsense team
--
[1] https://github.com/opnsense/plugins/pull/1753
[2] https://github.com/opnsense/plugins/blob/master/dns/bind/pkg-descr
[3] https://github.com/opnsense/plugins/blob/master/net/freeradius/pkg-descr
[4] https://github.com/opnsense/plugins/pull/1755
[5] https://github.com/opnsense/plugins/blob/master/security/maltrail/pkg-descr
[6] https://github.com/opnsense/plugins/blob/master/www/nginx/pkg-descr
[7] https://github.com/opnsense/plugins/blob/master/sysutils/nut/pkg-descr
[8] https://github.com/opnsense/plugins/blob/master/mail/postfix/pkg-descr
[9] https://github.com/opnsense/plugins/blob/master/net-mgmt/telegraf/pkg-descr
[10] https://www.freebsd.org/security/advisories/FreeBSD-EN-20:06.ipv6.asc
[11] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:04.tcp.asc
[12] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc
[13] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:07.epair.asc
[14] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:08.jail.asc
[15] https://curl.haxx.se/changes.html
[16] https://web.mit.edu/kerberos/krb5-1.18/
[17] https://www.openssh.com/txt/release-8.2
[18] https://www.openssl.org/news/openssl-1.1.1-notes.html
[19] https://metacpan.org/pod/release/SHAY/perl-5.30.2/pod/perldelta.pod
[20] https://www.php.net/ChangeLog-7.php#7.2.29
[21] https://www.python.org/downloads/release/python-377/
[22] https://wiki.strongswan.org/versions/76
[23] https://www.sudo.ws/stable.html
It almost looks like business as usual. But we all know it is not. We will get through this together.
Here are the full patch notes:
o system: add missing strtolower() in LDAP sync response
o system: fix /var/run/legacy_log socket creation race with Syslog-ng
o system: add info button to display privilege / ACL endpoints
o system: make IPsec tap tunables overwriteable
o firewall: floating means either all interfaces or more than one selected
o firewall: simplify group maintenance by only applying them on filter reload
o interfaces: use primary IPv6 and support VIP tracking
o interfaces: multiple changes in radvd.conf setup (contributed by maurice-w)
o dhcp: fix DDNS support in DHCPv6 (contributed by Wagner Sartori Junior)
o firmware: mirror opnsense.ieji.de renamed to opn.sense.nz
o openvpn: improve openvpn_port_used() logic
o unbound: minor cleanup in /api/unbound/diagnostics/stats endpoint
o unbound: remove 192.0.0.0/24 from rebinding prevention list (contributed by maurice-w)
o mvc: simplify reload of captive portal, cron, IDS, alias, loopback, VXLAN, web proxy, routes, syslog and shaper
o mvc: limit dropdown size to 10 is none specified
o mvc: support inheritance of the ArrayField type
o mvc: synchronize backup timestamps with revisions
o mvc: fixed width for timestamp column in logging
o mvc: init errorMessage to prevent crash reports
o shell: use interfaces_primary_address6() for correct IPv6 display
o shell: append a newline in pluginctl -g mode
o plugins: os-acme-client 1.30[1]
o plugins: os-bind 1.13[2]
o plugins: os-freeradius 1.9.6[3]
o plugins: os-haproxy 2.21[4]
o plugins: os-maltrail 1.5[5]
o plugins: os-nginx 1.19[6]
o plugins: os-nut 1.7[7]
o plugins: os-postfix 1.14[8]
o plugins: os-tayga 1.0 (contributed by Michael Muenz)
o plugins: os-telegraf 1.7.7[9]
o plugins: os-unbound-plus 1.0 (contributed by Michael Muenz and Petr Kejval)
o lang: multiple updates to supported languages
o lang: new Turkish translation (contributed by Aydin Yakar)
o src: work around PCI devices which return all zeros for reads of existing MSI-X table VCTRL registers
o src: fix incorrect checksum calculations with IPv6 extension headers[10]
o src: fix TCP IPv6 SYN cache kernel information disclosure[11]
o src: fix insufficient oce(4) ioctl(2) privilege checking[12]
o src: fix incorrect user-controlled pointer use in epair[13]
o src: fix kernel memory disclosure with nested jails[14]
o ports: curl 7.69.1[15]
o ports: krb5 1.18[16]
o ports: openssh 8.2p1[17]
o ports: openssl 1.1.1f[18]
o ports: perl 5.30.2[19]
o ports: php 7.2.29[20]
o ports: python 3.7.7[21]
o ports: strongswan 5.8.3[22]
o ports: sudo 1.8.31p1[23]
Stay safe and healthy,
Your OPNsense team
--
[1] https://github.com/opnsense/plugins/pull/1753
[2] https://github.com/opnsense/plugins/blob/master/dns/bind/pkg-descr
[3] https://github.com/opnsense/plugins/blob/master/net/freeradius/pkg-descr
[4] https://github.com/opnsense/plugins/pull/1755
[5] https://github.com/opnsense/plugins/blob/master/security/maltrail/pkg-descr
[6] https://github.com/opnsense/plugins/blob/master/www/nginx/pkg-descr
[7] https://github.com/opnsense/plugins/blob/master/sysutils/nut/pkg-descr
[8] https://github.com/opnsense/plugins/blob/master/mail/postfix/pkg-descr
[9] https://github.com/opnsense/plugins/blob/master/net-mgmt/telegraf/pkg-descr
[10] https://www.freebsd.org/security/advisories/FreeBSD-EN-20:06.ipv6.asc
[11] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:04.tcp.asc
[12] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc
[13] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:07.epair.asc
[14] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:08.jail.asc
[15] https://curl.haxx.se/changes.html
[16] https://web.mit.edu/kerberos/krb5-1.18/
[17] https://www.openssh.com/txt/release-8.2
[18] https://www.openssl.org/news/openssl-1.1.1-notes.html
[19] https://metacpan.org/pod/release/SHAY/perl-5.30.2/pod/perldelta.pod
[20] https://www.php.net/ChangeLog-7.php#7.2.29
[21] https://www.python.org/downloads/release/python-377/
[22] https://wiki.strongswan.org/versions/76
[23] https://www.sudo.ws/stable.html
#10331
20.1 Legacy Series / Re: Where can I get diag_logs_template.inc
April 08, 2020, 01:59:44 PM
What happens when you run this from the console?
# opnsense-revert opnsense
IMO the menu should point to the /ui link, not to the .php file (which no longer exists).
Cheers,
Franco
# opnsense-revert opnsense
IMO the menu should point to the /ui link, not to the .php file (which no longer exists).
Cheers,
Franco
#10332
20.1 Legacy Series / Re: LDAP / self signed certificate
April 08, 2020, 01:57:32 PM
As far as I remember a self-signed certificate works, but it needs to be added under System: Trust: Authorities, not Certificates.
Cheers,
Franco
Cheers,
Franco
#10333
20.1 Legacy Series / Re: Question around Wireguard vs. OVPN routing / firewall difference..
April 07, 2020, 01:16:29 PM
Apple Mail on Catalina is a hot mess, e.g. breaking down when trying to sync large mail boxes.
Cheers,
Franco
Cheers,
Franco
#10334
Hardware and Performance / Re: Mellanox ConnectX-4 MCX456A
April 07, 2020, 01:12:44 PM
Do not install incompatible FreeBSD binaries...
Cheers,
Franco
Cheers,
Franco
#10335
